David West wrote:
...
> As you say, Randy, "From" addresses are easy to fake; but what about the
> originator's IP address? Could Trashfinder do an MX lookup on the domain
part
> of the "From" address and then compare it with the actual originator's IP
address?
> This would only be necessary for "Pass" addresses.
That's implementable, but I don't know whether it would really be a good
idea. Someone else noted that it isn't the source server in many cases; and
the only source that you can safely look at is the most recent one (all
received: lines can be faked except the one added by SMPTRCV).
> Another thought; how about changing the way in which the filters are
applied? I presume
> that the "Pass" filter comes first, and any mail successfully negotiating
that hurdle
> bypasses all other filters. The real problem is the "extensions" filter
(.exe etc).
> All mail containing banned attachments should have to go thought this
filter, including
> "Pass List" sources, and subjected to human checking before passing on to
the end recipient.
What you really want is to be able to specify which filters are passed by a
Pass filter. Today it's attachments, tomorrow it will be domains or
something else. That's possible of course, but messy to implement since the
filters are all intertwined. For instance, to be able to find out about
attachments, you have to have a message which is legal enough to be able to
find the attachment headers. If it isn't, it would trigger one of the
structure filters, and you wouldn't necessarily know that Outlook or Eudora
wouldn't figure it out and see attachments that TF couldn't.
I've added something like this to the "wish list"; but the "wish list" is
long, so don't expect to see it soon.
> Lastly. Why do some emails still get trashed, even when the from address
is in the
> "pass list"? Your message below is an example.
>
> The header shows the following:
>
>...
>From: "Randy Brukardt" <[EMAIL PROTECTED]>
...
>X-Trash-Finder: Message trashed, HTML automatic server access detected
(background)
...
>
>I have rrsoftware.com in my pass list. Do I need to add rockliffe.com as
well? Most
>messages from imsusers get through without any problems.
Did your filter actually Trash this message? The "X-Trash-Finder:" might
have been added by my server on the outbound; I recall the message getting
stuck on the way out.
>I am also a bit perplexed by the reason for trashing the message: HTML
automatic server
> access detected (background) Where is that in the message?
It's in the HTML coding. "<BODY background=cid:..."
John has those darn backgrounds turned on, and Windows nicely leaves them in
my reply unless I remember to force the reply to plain text, as I did with
this one.
The filter is too dumb to realize that a "cid:" URL refers to one included
in the message, it just looks for the attribute name. I suppose that could
be fixed, at the cost of losing the exact reason for the reference - the
URLs finder is doing the same work on the HTML, after all.
Randy.
This is the discussion list for the IMS Free email server software.
To unsubscribe send mailto:[EMAIL PROTECTED]
Delivered by Rockliffe MailSite
http://www.rockliffe.com/mailsite
Rock Solid Software (tm)
